While regulations to protect personal information and confidential information have recently been tightened, the market of the services that use on such information has been expanding. A service that uses the information on the positions of personal users that can be obtained from their smartphones is an example of such a service.
Thus, securing technologies that permit using of personal information or confidential information that remains protected have been attracting attention. Among the securing technologies, there is a method that uses a cryptographic technology or a statistical technology according to a data type or service requirements.
A homomorphic encryption technology is known as a securing technology that uses a cryptographic technology. The homomorphic encryption technology is one of the public key encryption methods in which a pair of different keys is used for encryption and decryption, and has a function that permits a data operation in a state in which the data remains encrypted. For example, encryption function E of a homomorphic encryption with respect to addition and multiplication have the characteristics as described in the following formulas:E(m1)+E(m2)=E(m1+m2)  (1)E(m1)*E(m2)=E(m1*m2)  (2)
Formula (1) indicates that it is homomorphic for addition, and Formula (2) indicates that it is homomorphic for multiplication. As described above, according to the homomorphic encryption technology, when performing, on two or more encrypted texts, an operation that corresponds to an addition or multiplication, an encrypted text for a result of an operation of adding or multiplying the original plain texts can be obtained without decrypting the encrypted texts.
Such characteristics of a homomorphic encryption have been expected to be used in the field of e-voting or e-money, or in the field of cloud computing, in recent years. As a homomorphic encryption with respect to addition or multiplication, the Rivest Shamir Adleman (RSA) encryption that only permits multiplication to be performed and the Additive ElGamal encryption that only permits addition to be performed are known.
Further, a homomorphic encryption that satisfies Formulas (1) and (2) was proposed in 2009 that permits both addition and multiplication to be performed (see, for example, Non Patent Document 1). Non Patent Document 1 only discloses a theoretical method for realizing a homomorphic encryption, and does not disclose a practical constructing method. However, in recent years, a practical constructing method of a somewhat homomorphic encryption has been proposed that permits both addition and multiplication to be performed (see, for example, Non Patent Document 2).
For a secured distance calculation using a homomorphic encryption, a cryptographic processing device that permits a reduction in both a size of encrypted vector data and a time for the secured distance calculation is also known (see, for example, Patent Document 1). This cryptographic processing device obtains a first polynomial from a first vector by use of a first transform polynomial and a second polynomial from a second vector by use of a second transform polynomial. Then, the cryptographic processing device obtains a first weight that relates to a secured distance of the first vector and a second weight that relates to a secured distance of the second vector.
Next, the cryptographic processing device encrypts each of the first polynomial, the second polynomial, the first weight, and the second weight using a homomorphic encryption, so as to obtain a first encrypted polynomial, a second encrypted polynomial, a first encrypted weight, and a second encrypted weight. Then, the cryptographic processing device obtains an encrypted secured distance that corresponds to an encryption of a secured distance between the first vector and the second vector from the first encrypted polynomial, the second encrypted polynomial, the first encrypted weight, and the second encrypted weight.
Patent Document 1: Japanese Laid-open Patent Publication No. 2014-126865
Non Patent Document 1: C. Gentry, “Fully Homomorphic Encryption Using Ideal Lattices”, STOC 2009, pp. 169-178, 2009.
Non Patent Document 2: K. Lauter, M. Naehrig and V. Vaikuntanathan, “Can Homomorphic Encryption be Practical?”, In ACM workshop on Cloud Computing Security Workshop-CCSW 2011, ACM, pp. 113-124, 2011.